A joint security dig conducted by Pedro Ribeiro (a security researcher at the UK-based firm Agile Information) along with the CERT Committee disclosed vulnerabilities in the web interface of the router that could allow attackers to:

Upload and execute any malicious file remotely (CVE-2016-1524)

Download any file from the server (CVE-2016-1525)

Unauthorized Arbitrary File Upload Flaw: This flaw is present in the default installation of NMS300 and allows an unauthorized attacker to upload an arbitrary file and execute malicious code with SYSTEM privileges (remote code execution).

Since no patches are yet available from Netgear to fix these vulnerabilities, the only solution network admins can implement is to strengthen the firewall policy by restricting access from untrusted sources. As threats continue to evolve and increase in volume and frequency, you can no longer rely on static network security monitoring.

Network administrators are strongly encouraged to monitor network-based services and protocols on a continuous basis using security monitoring solutions like AlienVault Unified Security Management (USM), which also includes intrusion detection (IDS) and real-time threat intelligence to help administrators quickly identify and remediate threats on their network. Netgear had not yet commented on this issue.